<html>
<head><meta charset="utf-8"><title>OSV PR review · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html">OSV PR review</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="243957562"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/243957562" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#243957562">(Jun 25 2021 at 19:09)</a>:</h4>
<p>The OSV pull request is ready for review: <a href="https://github.com/RustSec/rustsec/pull/366">https://github.com/RustSec/rustsec/pull/366</a><br>
Also fixes the issue around the handling of pre-releases, for good this time.<br>
<span class="user-mention" data-user-id="132721">@Tony Arcieri</span> would you prefer to review it yourself, or delegate the review?<br>
I'll be going on an extended leave in 2 weeks from now, so ideally I'd like to get it merged before then.</p>



<a name="243979426"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/243979426" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#243979426">(Jun 25 2021 at 22:51)</a>:</h4>
<p>cool, I should be able to take a look this weekend</p>



<a name="244170327"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244170327" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244170327">(Jun 28 2021 at 16:26)</a>:</h4>
<p>reviewed. no major complaints</p>



<a name="244208246"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244208246" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244208246">(Jun 28 2021 at 21:41)</a>:</h4>
<p><span class="user-mention" data-user-id="132721">@Tony Arcieri</span> Thanks! I've made this into a pre-release (good call) and replied to the other two comments.<br>
If everything looks good, please merge this and publish <code>rustsec</code> and <code>rustsec-admin</code> to <a href="http://crates.io">crates.io</a>; then I'll switch over advisory-db CI to 0.24.x and if it passes, merge <a href="https://github.com/RustSec/advisory-db/pull/942">https://github.com/RustSec/advisory-db/pull/942</a></p>



<a name="244212556"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244212556" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244212556">(Jun 28 2021 at 22:28)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> heh, oh joy, I bumped the <code>rustsec</code> version to v0.24.0 and was surprised that <code>cargo test</code> worked on the first try, and it was the "prerelease matches release" thing where you need explicit <code>=</code></p>



<a name="244222380"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244222380" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244222380">(Jun 29 2021 at 01:03)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> seems this PR:</p>
<p><a href="https://github.com/RustSec/advisory-db/pull/944/checks?check_run_id=2937543067">https://github.com/RustSec/advisory-db/pull/944/checks?check_run_id=2937543067</a></p>
<p>...might need...</p>
<p><a href="https://github.com/RustSec/advisory-db/pull/942">https://github.com/RustSec/advisory-db/pull/942</a></p>



<a name="244222449"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244222449" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244222449">(Jun 29 2021 at 01:04)</a>:</h4>
<p>anyway you're now an owner of <code>rustsec-admin</code> and I am about to hop on Amtrak and go through what one movie called Dark Territory a.k.a. no radio reception tomorrow, heh</p>



<a name="244222472"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244222472" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244222472">(Jun 29 2021 at 01:04)</a>:</h4>
<p>and the next day, 2-day trip</p>



<a name="244261901"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244261901" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244261901">(Jun 29 2021 at 10:45)</a>:</h4>
<p><span class="user-mention" data-user-id="132721">@Tony Arcieri</span> Great, I'll handle the rest. Have fun!</p>



<a name="244354936"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244354936" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244354936">(Jun 29 2021 at 22:11)</a>:</h4>
<p>All right, I've merged both and CI is green again.</p>



<a name="244355787"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244355787" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244355787">(Jun 29 2021 at 22:20)</a>:</h4>
<p>I've double-checked that <code>cargo audit</code> still works, too.</p>



<a name="244486945"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244486945" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244486945">(Jun 30 2021 at 20:59)</a>:</h4>
<p>On Friday I'll set up <code>osv-experimental-v0.7</code> branch on the <code>advisory-db</code> repo and set up continuous export to OSV format. That way OSV will finally be wired up to the production database. Unless there are any objections, that is.<br>
All the code is already written, I'll just deploy it in prod and not on my fork for the first time.</p>



<a name="244523590"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244523590" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244523590">(Jul 01 2021 at 06:23)</a>:</h4>
<p><span class="user-mention" data-user-id="132721">@Tony Arcieri</span> (not urgent, feel free to postpone) <br>
What are the blockers for publishing <code>cargo audit</code> backed by <code>rustsec</code> 0.24? That should fix the handling of pre-releases. Doesn't require enabling the unstable OSV feature either.<br>
Are there any tests you wanted to run before publishing it?</p>



<a name="244620108"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244620108" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244620108">(Jul 01 2021 at 20:09)</a>:</h4>
<p>there aren't any. I can cut another release</p>



<a name="244620498"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244620498" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244620498">(Jul 01 2021 at 20:13)</a>:</h4>
<p>That'd be cool because it would ship a bugfix that people have been asking about for a while now</p>



<a name="244629542"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244629542" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244629542">(Jul 01 2021 at 21:32)</a>:</h4>
<p><a href="https://github.com/RustSec/rustsec/pull/392">https://github.com/RustSec/rustsec/pull/392</a></p>



<a name="244639338"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244639338" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244639338">(Jul 01 2021 at 23:21)</a>:</h4>
<p>I've installed v0.15 from crate it and it seems to work. Yay! (Not unexpected, but you never know)</p>



<a name="244721873"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244721873" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244721873">(Jul 02 2021 at 15:50)</a>:</h4>
<p>I've just merged OSV data and a continuous export to OSV format on CI to the mainline repo:<br>
<a href="https://github.com/RustSec/advisory-db/tree/osv-experimental-v0.7">https://github.com/RustSec/advisory-db/tree/osv-experimental-v0.7</a><br>
We're now officially exporting the data to OSV in real time!</p>



<a name="244768501"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/OSV%20PR%20review/near/244768501" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/OSV.20PR.20review.html#244768501">(Jul 02 2021 at 23:44)</a>:</h4>
<p>This means I'm done working on OSV for now. I will probably pick it up in September or so, once the format settles down.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>